Early this morning (5:21am) someone gained access to my account and bought 4000 points for $50 and spent them all on "gold packs" and "premium gold packs" for FIFA12.
I called support and had them suspend my account and open an un-authorized access investigation.
From what I can see it seems like this is a very widespread problem. If a few hundred people have bothered to make threads about this on various sites then thousands are likely affected by the same problem.
All 3 of the support people I talked to said (in a very guarded fashion) that they had seen a number of these cases where the same exact items were purchased for the same game.
I was assured that no-one could see my card info because it is not listed.
BUT! if these people are 1/2 as smart as they seem, they obviously would think to remove the HDD and connect it to a PC and know how to browse the system files and view my card info in its entirety right?
If a users card info is stored on the console in complete form in any place I can guarantee someone with moderate skill could access it.
Why is MS not warning people or making a public statement about this? Who thinks I need to cancel this card? It's a debit card... linked straight to my bank account. I know I should have removed it months ago, and I tried to, but unfortunately M$ won't allow me to because of some issue with a pre-paid subscription card being redeemed while an existing subscription paid for via card is still active.
Also.... can't play BF3 now because my account is suspended and the average timeframe for reconciliation is 25 days. It's cool though, not like i have been waiting for BF3 for SIX DAMN YEARS